CN108419238A - A kind of method and device of detection rogue AP - Google Patents

A method and device for detecting a rogue AP

Info

Publication number
CN108419238A
Authority
CN
China
Prior art keywords
message
acquisition
bssid
rogue
carried
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810105829.6A
Other languages
Chinese (zh)
Inventor
檀深秋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Dahua Technology Co Ltd
Original Assignee
Zhejiang Dahua Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Dahua Technology Co Ltd
Priority to CN201810105829.6A
Publication of CN108419238A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W24/00 Supervisory, monitoring or testing arrangements
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/16 Discovering, processing access restriction or access information

Abstract

The invention discloses a method and device for detecting a rogue AP, which solve the problem in the prior art that rogue AP detection is complex to deploy and costly. The method includes: a first AP captures the messages sent by a second AP; when the basic service set identifier (BSSID) carried in the captured messages differs from the BSSID of the first AP, the first AP determines the number of deauthentication messages and/or disassociation messages contained in the captured messages; if the determined number is greater than a preset threshold, the first AP determines that the second AP is a rogue AP.

Description

A method and device for detecting a rogue AP
Technical field
The present invention relates to the field of communication technology, and in particular to a method and device for detecting a rogue AP.
Background
Currently, when a user accesses a wireless network over Wireless Fidelity (WiFi) using a mobile terminal, the user faces a number of security risks. In particular, more and more merchants now provide free Wi-Fi access, which is convenient for users but also exposes more and more risks. Of all the risks of wireless network access, the most harmful is the use of an illegal (rogue) wireless access point (AP) to provide wireless network access and then obtain a large amount of the user's personal information through a phishing website. Specifically, a rogue AP disguises itself as a legitimate AP to provide free Internet service. Once a user connects to this rogue AP, it is difficult to notice. The user then goes on to enter their account information to complete authentication, at which point the rogue AP easily obtains account information such as the user's mobile phone number. After the fake authentication succeeds, any website the user visits may be redirected to a designated phishing website, including online banking and various electronic payment websites, causing the user substantial financial loss.
The currently common method of detecting a rogue AP is to capture the messages sent by surrounding APs with multiple collection devices; each collection device then sends the captured messages to a detection server for analysis in order to detect a rogue AP. However, this detection method relies on deploying a server and multiple collection devices, so deployment is complex and the cost is high.
Summary of the invention
Embodiments of the present invention provide a method and device for detecting a rogue AP, to solve the problem in the prior art that rogue AP detection is complex to deploy and costly.
In a first aspect, an embodiment of the present invention provides a method for detecting a rogue AP, including:
A first AP captures the messages sent by a second AP;
When the basic service set identifier (BSSID) carried in the captured messages differs from the BSSID of the first AP, the first AP determines the number of deauthentication messages and/or disassociation messages contained in the captured messages;
When the determined number is greater than a preset threshold, the first AP determines that the second AP is a rogue AP.
In the embodiments of the present invention, the first AP captures the messages sent by the second AP and, when the basic service set identifier (BSSID) carried in the captured messages differs from the BSSID of the first AP, determines the number of deauthentication messages and/or disassociation messages contained in the captured messages; if the determined number is greater than a preset threshold, the first AP determines that the second AP is a rogue AP. Compared with the prior-art approach of deploying multiple collection devices and a detection server, in the embodiments of the present invention the AP itself can detect whether a rogue AP exists in its surroundings, without additional hardware cost and with simple deployment.
With reference to the first aspect, in a first possible implementation of the first aspect, the method further includes:
When the BSSID carried in the captured messages is identical to the BSSID of the first AP, the first AP determines that the second AP is a rogue AP.
With reference to the first aspect, in a second possible implementation of the first aspect, the preset threshold is the number of terminal devices connected to the first AP.
With reference to the first aspect, in a third possible implementation of the first aspect, before the first AP determines the number of deauthentication messages and/or disassociation messages contained in the captured messages, the method further includes:
The first AP determines that the service set identifier (SSID) carried in the captured messages is identical to the SSID of the first AP.
With reference to the first aspect or any possible implementation of the first aspect, in a fourth possible implementation of the first aspect, the second AP is any AP located around the first AP.
In a second aspect, an embodiment of the present invention provides a first AP, including:
An acquisition module, configured to capture the messages sent by a second AP;
A determining module, configured to: when the basic service set identifier (BSSID) carried in the messages captured by the acquisition module differs from the BSSID of the first AP, determine the number of deauthentication messages and/or disassociation messages contained in the captured messages; and when the determined number is greater than a preset threshold, determine that the second AP is a rogue AP.
With reference to the second aspect, in a first possible implementation of the second aspect, the determining module is further configured to determine that the second AP is a rogue AP when the BSSID carried in the messages captured by the acquisition module is identical to the BSSID of the first AP.
With reference to the second aspect, in a second possible implementation of the second aspect, the preset threshold is the number of terminal devices connected to the first AP.
With reference to the second aspect, in a third possible implementation of the second aspect, the determining module is further configured to determine, before determining the number of deauthentication messages and/or disassociation messages contained in the captured messages, that the service set identifier (SSID) carried in the captured messages is identical to the SSID of the first AP.
With reference to the second aspect or any possible implementation of the second aspect, in a fourth possible implementation of the second aspect, the second AP is any AP located around the first AP.
In the embodiments of the present invention, the first AP captures the messages sent by the second AP and, when the basic service set identifier (BSSID) carried in the captured messages differs from the BSSID of the first AP, determines the number of deauthentication messages and/or disassociation messages contained in the captured messages; if the determined number is greater than a preset threshold, the first AP determines that the second AP is a rogue AP. Compared with the prior-art approach of deploying multiple collection devices and a detection server, in the embodiments of the present invention the AP itself can detect whether a rogue AP exists in its surroundings, without additional hardware cost and with simple deployment.
Brief description of the drawings
Fig. 1 is a schematic flowchart of a method for detecting a rogue AP provided by an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a method for detecting a rogue AP provided by an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a first AP provided by an embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
Embodiments of the present invention provide a method and device for detecting an illegal (rogue) wireless access point (AP), to solve the problem in the prior art that rogue AP detection is complex to deploy and costly. The method and the device are based on the same inventive concept; because they solve the problem on similar principles, the implementations of the device and the method may refer to each other, and repeated details are not described again.
Preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of the method for detecting a rogue AP provided by an embodiment of the present invention. The method may specifically include the following steps:
S101: The first AP captures the messages sent by the second AP.
The first AP may periodically capture the messages sent by surrounding APs, and the second AP may be any AP located around the first AP.
The message may be a beacon message, a data message, or the like.
S102: When the basic service set identifier (BSSID) carried in the captured messages differs from the BSSID of the first AP, the first AP determines the number of deauthentication messages and/or disassociation messages contained in the captured messages.
The deauthentication message may be a Deauthentication message, and the disassociation message may be a Disassociation message.
S103: When the determined number is greater than a preset threshold, the first AP determines that the second AP is a rogue AP.
The preset threshold may be the number of terminal devices connected to the first AP, or another preset value; the embodiments of the present invention do not specifically limit this.
In the embodiments of the present invention, the first AP captures the messages sent by the second AP and, when the basic service set identifier (BSSID) carried in the captured messages differs from the BSSID of the first AP, determines the number of deauthentication messages and/or disassociation messages contained in the captured messages; if the determined number is greater than a preset threshold, the first AP determines that the second AP is a rogue AP. Compared with the prior-art approach of deploying multiple collection devices and a detection server, in the embodiments of the present invention the AP itself can detect whether a rogue AP exists in its surroundings, without additional hardware cost and with simple deployment.
Optionally, when the BSSID carried in the captured messages is identical to the BSSID of the first AP, the first AP determines that the second AP is a rogue AP.
In a possible implementation, before the first AP determines the number of deauthentication messages and/or disassociation messages contained in the captured messages, the first AP may determine that the service set identifier (SSID) carried in the captured messages is identical to the SSID of the first AP.
For a better understanding of the embodiments of the present invention, a specific application scenario is given below to describe in detail the process by which the first AP detects a rogue AP. Fig. 2 is a schematic diagram of the process by which the first AP detects a rogue AP.
S201: The first AP periodically captures the beacon messages sent by surrounding APs.
S202: The first AP parses the beacon message sent by any AP among the surrounding APs (referred to as the second AP) and determines the SSID and BSSID of the second AP.
S203: The first AP judges whether the BSSID of the second AP is identical to the BSSID of the first AP; if yes, go to step S207; if no, go to step S204.
S204: The first AP judges whether the SSID of the second AP is identical to the SSID of the first AP; if yes, go to step S205; if no, go to step S208.
S205: The first AP determines the number of deauthentication messages and disassociation messages contained in the messages sent by the second AP.
S206: The first AP judges whether this number is greater than the number of terminal devices connected to the first AP; if yes, go to step S207; if no, go to step S208.
S207: The first AP determines that the second AP is a rogue AP.
S208: The first AP determines that the second AP is a legal AP.
In the embodiments of the present invention, the first AP captures the messages sent by the second AP and, when the basic service set identifier (BSSID) carried in the captured messages differs from the BSSID of the first AP, determines the number of deauthentication messages and/or disassociation messages contained in the captured messages; if the determined number is greater than a preset threshold, the first AP determines that the second AP is a rogue AP. Compared with the prior-art approach of deploying multiple collection devices and a detection server, in the embodiments of the present invention the AP itself can detect whether a rogue AP exists in its surroundings, without additional hardware cost and with simple deployment.
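The Fig. 2 flow (S201 to S208), written out as an added Python example that is not code from the patent: it parses raw 802.11 management frames and classifies each neighbouring BSSID. It assumes frames arrive without a radiotap header or FCS and are attributed to a neighbour by the BSSID field (address 3); the function names, MAC addresses, SSIDs and the sample capture are constructed for illustration.

```python
import struct

BEACON, DISASSOC, DEAUTH = 8, 10, 12   # 802.11 management frame subtypes
HDR_LEN = 24                           # fixed management header length
OWN_BSSID, OWN_SSID, OWN_STATIONS = "02:00:00:00:00:01", "CorpWiFi", 2  # constructed


def parse_mgmt(frame):
    """Return (subtype, bssid, ssid) for a management frame, else None.

    Assumes no radiotap header or FCS; ssid is set only for beacons.
    """
    if len(frame) < HDR_LEN or frame[0] & 0x0F:   # need version 0, type 0
        return None
    subtype = frame[0] >> 4
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])   # address 3
    ssid = None
    if subtype == BEACON:
        pos = HDR_LEN + 12        # skip timestamp, interval, capabilities
        while pos + 2 <= len(frame):
            eid, elen = frame[pos], frame[pos + 1]
            body = frame[pos + 2:pos + 2 + elen]
            if len(body) < elen:                  # truncated element
                break
            if eid == 0:                          # SSID element
                ssid = body.decode("utf-8", "replace")
                break
            pos += 2 + elen
    return subtype, bssid, ssid


def classify_neighbours(frames, own_bssid, own_ssid, station_count):
    """Apply S203-S208 to every BSSID whose beacon was captured."""
    ssids, kicks = {}, {}
    for raw in frames:
        parsed = parse_mgmt(raw)
        if parsed is None:
            continue
        subtype, bssid, ssid = parsed
        if subtype == BEACON and ssid is not None:
            ssids[bssid] = ssid                          # S202
        elif subtype in (DEAUTH, DISASSOC):
            kicks[bssid] = kicks.get(bssid, 0) + 1       # S205
    verdicts = {}
    for bssid, ssid in ssids.items():
        if bssid == own_bssid.lower():                   # S203 -> S207
            verdicts[bssid] = "rogue"
        elif ssid != own_ssid:                           # S204 -> S208
            verdicts[bssid] = "legal"
        elif kicks.get(bssid, 0) > station_count:        # S206 -> S207
            verdicts[bssid] = "rogue"
        else:                                            # S206 -> S208
            verdicts[bssid] = "legal"
    return verdicts


def make_frame(subtype, bssid, body, dst="ff:ff:ff:ff:ff:ff"):
    """Build a constructed test frame (header + body); nothing is sent."""
    a1 = bytes.fromhex(dst.replace(":", ""))
    a3 = bytes.fromhex(bssid.replace(":", ""))
    return bytes([subtype << 4, 0, 0, 0]) + a1 + a3 + a3 + b"\x00\x00" + body


def make_beacon(bssid, ssid):
    name = ssid.encode()
    fixed = bytes(8) + struct.pack("<HH", 100, 0x0411)
    return make_frame(BEACON, bssid, fixed + bytes([0, len(name)]) + name)


def sample_frames():
    """Constructed capture: four neighbours and one truncated frame."""
    aa, bb, cc = ("02:00:00:00:00:" + x for x in ("aa", "bb", "cc"))
    sta = [f"02:00:00:00:10:{i:02x}" for i in range(5)]
    reason = struct.pack("<H", 7)
    frames = [make_beacon(aa, OWN_SSID), make_beacon(bb, OWN_SSID),
              make_beacon(cc, "CoffeeShop"), make_beacon(OWN_BSSID, OWN_SSID),
              b"\x80\x00"]
    frames += [make_frame(DEAUTH, aa, reason, s) for s in sta[:2]]
    frames += [make_frame(DISASSOC, aa, reason, sta[2])]
    frames += [make_frame(DEAUTH, bb, reason, sta[0])]
    frames += [make_frame(DEAUTH, cc, reason, s) for s in sta]
    return frames


if __name__ == "__main__":
    result = classify_neighbours(sample_frames(), OWN_BSSID, OWN_SSID, OWN_STATIONS)
    for bssid, verdict in result.items():
        print(bssid, verdict)
```

In the sample, the neighbour ending in `cc` sends the most deauthentication messages but is still classed as legal, because step S204 exits before any counting when the SSID differs from the first AP's.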
Based on the same inventive concept as the method embodiment corresponding to Fig. 1, an embodiment of the present invention provides a first AP 30. The structure of the first AP 30 is shown in Fig. 3 and includes an acquisition module 31 and a determining module 32, where:
The acquisition module 31 is configured to capture the messages sent by a second AP;
The determining module 32 is configured to: when the basic service set identifier (BSSID) carried in the messages captured by the acquisition module 31 differs from the BSSID of the first AP, determine the number of deauthentication messages and/or disassociation messages contained in the captured messages; and when the determined number is greater than a preset threshold, determine that the second AP is a rogue AP.
Optionally, the determining module 32 is further configured to determine that the second AP is a rogue AP when the BSSID carried in the messages captured by the acquisition module 31 is identical to the BSSID of the first AP.
Optionally, the preset threshold is the number of terminal devices connected to the first AP.
Optionally, the determining module 32 is further configured to determine, before determining the number of deauthentication messages and/or disassociation messages contained in the captured messages, that the service set identifier (SSID) carried in the captured messages is identical to the SSID of the first AP.
Optionally, the second AP is any AP located around the first AP.
Those skilled in the art should understand that the embodiments of the present invention may be provided as a method, a system, or a computer program product. Therefore, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system), and computer program product according to the embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus, and the instruction apparatus implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps are performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thus provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn of the basic inventive concept. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various changes and variations to the present invention without departing from its spirit and scope. If these modifications and variations of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (10)

1. A method for detecting a rogue AP, characterized by comprising:
A first AP captures the messages sent by a second AP;
When the basic service set identifier (BSSID) carried in the captured messages differs from the BSSID of the first AP, the first AP determines the number of deauthentication messages and/or disassociation messages contained in the captured messages;
When the determined number is greater than a preset threshold, the first AP determines that the second AP is a rogue AP.
2. The method according to claim 1, characterized in that the method further comprises:
When the BSSID carried in the captured messages is identical to the BSSID of the first AP, the first AP determines that the second AP is a rogue AP.
3. The method according to claim 1, characterized in that the preset threshold is the number of terminal devices connected to the first AP.
4. The method according to claim 1, characterized in that, before the first AP determines the number of deauthentication messages and/or disassociation messages contained in the captured messages, the method further comprises:
The first AP determines that the service set identifier (SSID) carried in the captured messages is identical to the SSID of the first AP.
5. The method according to any one of claims 1 to 4, characterized in that the second AP is any AP located around the first AP.
6. A first AP, characterized by comprising:
An acquisition module, configured to capture the messages sent by a second AP;
A determining module, configured to: when the basic service set identifier (BSSID) carried in the messages captured by the acquisition module differs from the BSSID of the first AP, determine the number of deauthentication messages and/or disassociation messages contained in the captured messages; and when the determined number is greater than a preset threshold, determine that the second AP is a rogue AP.
7. The first AP according to claim 6, characterized in that the determining module is further configured to determine that the second AP is a rogue AP when the BSSID carried in the messages captured by the acquisition module is identical to the BSSID of the first AP.
8. The first AP according to claim 6, characterized in that the preset threshold is the number of terminal devices connected to the first AP.
9. The first AP according to claim 6, characterized in that the determining module is further configured to determine, before determining the number of deauthentication messages and/or disassociation messages contained in the captured messages, that the service set identifier (SSID) carried in the captured messages is identical to the SSID of the first AP.
10. The first AP according to any one of claims 6 to 9, characterized in that the second AP is any AP located around the first AP.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810105829.6A CN108419238A (en) 2018-02-02 2018-02-02 A kind of method and device of detection rogue AP

Publications (1)

Publication Number Publication Date
CN108419238A true CN108419238A (en) 2018-08-17

Family

ID=63126768

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810105829.6A Pending CN108419238A (en) 2018-02-02 2018-02-02 A kind of method and device of detection rogue AP

Country Status (1)

Country Link
CN (1) CN108419238A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103327484A (en) * 2013-06-27 2013-09-25 深圳市共进电子股份有限公司 Method for clearing illegal AP in wireless local area network
CN103648094A (en) * 2013-11-19 2014-03-19 华为技术有限公司 Method, device and system for detecting illegal wireless access point
CN106102068A (en) * 2016-08-23 2016-11-09 大连网月科技股份有限公司 A kind of illegal wireless access point detection and attack method and device
CN106790299A (en) * 2017-03-20 2017-05-31 京信通信技术(广州)有限公司 A kind of wireless attack defence method and device applied in wireless access point AP

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110087244A (en) * 2019-04-29 2019-08-02 新华三技术有限公司 A kind of information acquisition method and device
CN113709745A (en) * 2021-07-31 2021-11-26 新华三技术有限公司成都分公司 Method for coloring configured basic service set and identifying illegal AP (access point) and AP
CN113709745B (en) * 2021-07-31 2023-11-07 新华三技术有限公司成都分公司 Method for coloring and identifying illegal AP (access point) by configuring basic service set and AP

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180817
